Splunk Search

Community Activity

Finding the latest source file per day My script runs every 2 hrs per day .But i need the latest file per day for a timerange to do some calculation. by Nadhiyaa Path Finder in Splunk Search 06-18-2019 0 3	0	3
How do I divide data in a column based on their values? I have two fields in my data. Below is an example.The actual data contains 100 rows. Store Minutes 81145 33 81234 42... by nikita012 New Member in Splunk Search 06-18-2019 0 3	0	3
No of Businessdays between two dates Hi , The below give me the no of days between two dates but i want to calculate only no of business days between two ... by snehalatha Engager in Splunk Search 06-18-2019 2 4	2	4
No value coming from OUTPUT during a look up I am trying to match a field across two inputs if the field matches then I compare the dates and table them. When I c... by sowmya120 New Member in Splunk Search 06-18-2019 0 3	0	3
Automatically Viewing Visualization in Search I'm linking a click value token in a dashboard to a search. Is there a way to format the drilldown search string so ... by TylerJVitale Explorer in Splunk Search 06-18-2019 0 2	0	2
How to search based on the the time field from the event? Hi Team, I am having field called expirationdatetime in my event and its format is 2019-06-21T06:08:40.220082Z. My r... by bhuvanabala New Member in Splunk Search 06-18-2019 0 2	0	2
Search to show zero when no results I have the following search: earliest=@d+11h latest=@d+22h index="daluat" Action="DAL*" \| timechart span=30m count ... by matthewcanty Communicator in Splunk Search 06-18-2019 0 9	0	9
How to write a real-time search to alert if daily license usage reaches 70 GB or more? Hi Team I need your help to write the search on the licence usage. Suppose I have a 100 GB license. My daily licence... by sumit29 Path Finder in Splunk Search 06-18-2019 1 3	1	3
How to create a regex to extract fields between two hyphens? Hi,help me in writing regex to extract field between two hyhpens. Eg: S-STRA-32 F-FIDR-67 Thanks! by Deepz2612 Explorer in Splunk Search 06-18-2019 0 5	0	5
How to write a search where if a certain string is found in a log, set Status=1, otherwise Status=0? I need to find a string in a log and set/unset a field depending on this.Ex: field Status = 1 or 0.I should say if(a_... by svivekananda007 Engager in Splunk Search 06-18-2019 4 9	4	9
How to search for an event from last week based on time value field? Hi - I am searching for events based on time field Last_Login_Time (sample value: 2019-06-13T20:26:12.000Z) which hap... by vnguyen46 Contributor in Splunk Search 06-18-2019 0 3	0	3
Can we retrieve data using DBConnect for rows which got modified? Is it possible to retrieve data using DBConnect for rows which got modified? And not included via the rising column? by ddrillic Ultra Champion in Splunk Search 06-18-2019 0 1	0	1
How to parse specific value from a field value? Disclaimer : I'm new to Regex and using the Rex function I have a field "Message" that has the following string form... by wicke_s Explorer in Splunk Search 06-18-2019 0 12	0	12
compare fields for like match I am looking for methods to compare two fields for a like match. Specifically, I'd like to match when field1 can be ... by rg33 Explorer in Splunk Search 06-18-2019 1 7	1	7
How to calculate sum (distinct_count by column1) and display as a number in visualization? I have a stats calculated using : stats distinct_count(c1) by c2 Now I want to calculate the sum of these distinct_... by waghuldese1 New Member in Splunk Search 06-18-2019 0 1	0	1
Daily averages in usage over 7 days or similar... index=_internal source="license_usage.log" type=Usage idx IN (index1,index2,index3, index4,etcindex) \| eval yearmo... by antb Path Finder in Splunk Search 06-18-2019 0 2	0	2
timestamp lookahead Hello i have this event for example: $changeSystemTimeCmd 1533808153 -newTime 1533808153 -oldTime 1533808147 i ne... by sarit_s Communicator in Splunk Search 06-18-2019 0 5	0	5
How to extract values between two same characters using regex? How to extract the field values between two same characters. Event Axxtalled=xrxnx xx Client\;12.0.5294\;15.179... by rashid47010 Communicator in Splunk Search 06-18-2019 0 2	0	2
Help with concatenation needed Hello, I need to concatenate two variables including strings (e-mail lists) into one. the code I use for that is the... by damucka Builder in Splunk Search 06-18-2019 0 1	0	1
Calculating percentages over multiple counts I'm trying to get percentages based on the number of logs per table. I want the results to look like this: **Table ... by hduncan7 Engager in Splunk Search 06-18-2019 0 3	0	3
What is the keyboard shortcut for the Splunk 6.5.0 search bar formatting on a German keyboard? Hi forum, I'm currently searching for a way to use the new Splunk 6.5.0 feature "query formatting" on a German keybo... by schose Builder in Splunk Search 06-18-2019 4 19	4	19
How to convert rangemap results into icons? Hi, I am simply trying to convert my table results or numbers to icons. Here is my search command which gives me the... by jsmorgan1it New Member in Splunk Search 06-18-2019 0 1	0	1
The stats command collect data together if the value is the same Hello im running this query: ((index=ssys_internal_fdm OR index=other_fdm) AND sourcetype!=machine) source=* \| s... by sarit_s Communicator in Splunk Search 06-18-2019 0 2	0	2
What would be the best approach to write a regex for dynamic sourcetypes? We recently instrumented our OpenShift environment to index data into Splunk. I'm looking for the best approach for ... by fisuser1 Contributor in Splunk Search 06-17-2019 0 3	0	3
Root Can't Create /var/log files This is the first time this has come up: When running the following command as root: (10:07:49) root@servername:/op... by heats Explorer in Splunk Search 06-17-2019 0 4	0	4